Logo
logo
EnglishLanguage
logo
Listen live
HomeGlossaryContact us
Find us on social media
Advertisement for 5fXBptIOLaA?si=-QAVpQnM0DVFw-al

Holiday hackers: Watch out for crypto phishing

With the end-of-year rush, crypto users are prime targets for fraudsters. Protect yourself from scams with these essential tips

Joanna BuenconsejoProfile
By Joanna BuenconsejoDec. 6th - 3pm
4 min read
Phone with a santa hat on
Phishing is a type of scam that involves attempting to steal personal information, such as usernames, bank account details, or other crucial data. Photo: Pexels / Marko Klaric

A time for joyful shopping and anticipated reunions, the holiday season is just around the corner. However, in the midst of this festivity, it also presents prime opportunities for hackers—leaving unsuspecting victims more vulnerable to scams and attacks.

According to cybersecurity experts, crypto phishing attacks could rise over the holiday season, as scammers capitalize on Christmas festivities.

Phishing is a type of scam that involves attempting to steal personal information, such as usernames, bank account details, or other crucial data. This stolen information is usually used maliciously. To execute a phishing scheme, scammers typically impersonate reputable sources—luring victims in with the ultimate goal of tricking them. It’s similar to how fishermen use bait to lure fish in to ultimately catch them.

One famous crypto phishing scam case was that of Bee Token. In 2018, bad actors capitalized on the networks’ initial coin offering (ICO)—which is a popular fundraising method for crypto ventures that is similar to initial public offerings (IPO) in stocks—to trick investors. 

According to CoinDesk, the scammers accessed Bee Token's mailing list and impersonated operators using official-looking email addresses. They contacted potential buyers who had signed up for the full sale of the token.

Through this phishing scheme, the scammers were able to swindle almost $1 million in about 25 hours. 

 

These types of scams have persisted on the crypto and wider financial landscape, targeting unsuspecting victims and leaving them with significant losses.

Scam Sniffer, a crypto scam monitoring platform, reported that more than 9,200 investors lost $9.4 million in November due to phishing schemes. In fact, one victim lost $661,000 worth of stETH in a matter of minutes. 

 

The platform added that malicious signatures are crypto scammers’ deadliest weapon. According to Chainalysis, in an approval phishing scam, bad actors deceive individuals into signing a blockchain transaction that is malicious, which ultimately approves the scammer's address to spend certain tokens in the victim's crypto wallet. Because of this, some victims end up losing tens of millions.  

Aside from this, Darktrace, a global AI cybersecurity leader, also reported a notable trend: Christmas-themed phishing scams went up by 327% during Black Friday week, which happened on November 25 to 29. Similarly, Black Friday-themed phishing attacks went up by 692% compared to the first week of November. 

Apparently, bad actors sought to exploit both companies and consumers during this bustling shopping season. 

More phishing attacks could occur in December, as scammers try exploiting online transactions ahead of Christmas. Dedd Lavid, the CEO and co-founder of Web3 security platform Cyvers, told Cointelegraph, “Awareness of holiday-themed phishing attacks is crucial, along with tools like real-time monitoring to flag suspicious behaviors promptly.” 

Lavid further emphasized the importance of strong security practices and vigilance and recommended two-factor authentication, avoiding public WiFi for crucial activities, and verifying communications as security measures.  

Nathaniel Jones, the VP of Threat Research Darktrace, also said, “The festive shopping season creates a perfect storm for cyber criminals,” adding that “both consumers and brands need to be increasingly alert to potential scams.”

How to avoid crypto phishing scams 

While even experienced crypto investors can fall victim to these schemes, there are tips for staying ahead of these scammers. To avoid falling victim to phishing schemes over the holidays, follow these tips. 

Be cautious about sharing personal information

With the holiday season, an influx of Christmas-themed messages and promotions are bound to flood crypto users’ email accounts. While several of these communications are legitimate, be cautious of official-looking messages involving unsolicited requests for personal information or funds. 

It is important to first verify the legitimacy of these messages, as they could be malicious. Never send approval or provide information without first engaging in DYOR (do your own research). 

Scammers are creative and skilled enough to make their email and messages appear professional and official—even when they aren't. Because of this, it is important to double-check sources by visiting official websites and social media channels. Individuals can also go the extra mile by contacting institutions directly to confirm requests for information. 

When in doubt, it is better to avoid engaging with these sources as a whole. Moreover, if offers sound too good to be true, they are likely fake. 

Protect passwords, OTPs, and private keys  

There's a reason why certain information is considered private. Login credentials like passwords and one-time-pins (OTPs) should be kept hidden. Always protect sensitive codes like OTPs, as this may grant scams unauthorized account access. 

It is also important to protect private keys, as these offer full management and control over assets. These keys should not be kept in locations that are prone to hacking. 

Avoid clicking suspicious links 

At times, scammers and phishers may include suspicious links in their messages and urge recipients to click on them. These links may take recipients to an impersonated website that aims to steal information, prompt users to install malware, or ask individuals to approve malicious blockchain transactions in the guise of harmless activity. 

Some of these links may appear blatantly suspicious. By dragging your cursor over the link, you can see its URL without clicking it. In most cases, phishing URLs are confusing, long, and loaded with unusual characters, which they use to disguise the true destination of the link. 

Don't fall for these schemes

Though bad actors may capitalize on the Christmas rush, individuals do not need to fall for their tricks. With awareness and strong security practices, investors and traders can enjoy Christmas with peace of mind—focusing on celebration and connection over crypto cyber threats. 

Share :
Advertisement for 5fXBptIOLaA?si=-QAVpQnM0DVFw-al

We use cookies on our site.